Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Admin user loses some permissions when oauth is set up

Description

Hi,

I have recently tried to set up some generic oauth for Percona PMM to allow some users to login via Keycloak in our organization.

Here is the environment file used by the percona pmm podman container to set up this OIDC login :

We are currently using keycloak as the auth provider.

Concerning the podman container, here is the service file :

Running the container works, we can connect through OIDC with users coming from Keycloak and our AD.

But when we activate this generic oauth, the local admin user loses its permissions :

  • we get some internal server errors

  • we lose the “inventory” context (we can’t see the clients anymore)

  • the api keys used by the clients to send datas to PMM don’t work anymore

It meens that we can’t send datas anymore to the PMM server and we can’t configure the PMM server with the admin user anymore.

When we disable the generic oauth, everything is back to normal.

Have you ever experienced it ?

Thank you

How to test

None

How to document

None

Activity

Baptiste Balmon 
April 25, 2025 at 9:26 AM

hi , I really can’t find any topic about my problem. I’m using operator, I guess migration from pmm-2 to pmm-3 is not supported yet because the operator can’t set up the pmm-client container. Also I can’t find pmm-3 documentation here or here . It seems that I have to wait for this upgrade to be reported to the operators.

Aaditya Dubey 
April 25, 2025 at 9:04 AM

Hi

That’s sad to hear. Please connect with our technical forum here at , and please also check our documentation which should be helpful.

If it turns out to be a bug, please let us know.

Baptiste Balmon 
April 25, 2025 at 8:23 AM

Hi , I’ve tried to migrate to PMM-3 which resulted in breaking all the metrics flow. I’ve created an issue
thank you for your help

Aaditya Dubey 
April 14, 2025 at 12:54 PM

Hi

We still haven't heard any news from you. So, I assume the issue no longer persists and will close the ticket. If you disagree, reply and create a follow-up with a new Jira report.

Baptiste Balmon 
November 20, 2024 at 9:24 AM

Thank you , I will for sure !

Incomplete

Details

Assignee

Reporter

Priority

Labels

Needs QA

Needs Doc

Due date

Created November 6, 2024 at 8:52 AM
Updated April 25, 2025 at 9:26 AM
Resolved April 14, 2025 at 12:54 PM